The Santy worm used a simple double-encoded single tick to bypass Magic Quotes. The real problem was the code, which at that point urldecoded the now single-encoded tick, but framework tricks like Magic Quotes are not the "end-all be-all" defense by any means. In fact, Magic Quotes was built out o...